CVE-2024-47776

9.1 CRITICAL

📋 TL;DR

CVE-2024-47776 is an out-of-bounds read vulnerability in GStreamer's WAV file parser that occurs when processing malformed CUE chunks. This allows attackers to read beyond allocated memory buffers, potentially causing crashes or information disclosure. Any application using vulnerable GStreamer versions to process untrusted media files is affected.

💻 Affected Systems

Products:
  • GStreamer
  • Applications using GStreamer library
Versions: All versions before 1.24.10
Operating Systems: Linux, Windows, macOS, BSD, Android
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability triggers when parsing WAV files with malformed CUE chunks. Only applications that use the gstwavparse element (directly or through autoplugging) are exposed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution through memory corruption leading to complete system compromise, though this requires specific memory layouts and exploitation techniques beyond a simple OOB read.

🟠 Likely Case: Denial of service through application crashes, or information disclosure by reading adjacent memory contents, potentially exposing sensitive data.

🟢 If Mitigated: Application crash with no data leakage if proper sandboxing and memory protections are in place.

🌐 Internet-Facing: MEDIUM - Requires processing untrusted media files, which is common for media servers, web applications, and user upload features.
🏢 Internal Only: LOW - Internal systems typically process trusted media, but risk exists if processing user-generated content.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires feeding a malicious WAV file to vulnerable GStreamer instances. No authentication needed if application processes external media.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.24.10

Vendor Advisory: https://gstreamer.freedesktop.org/security/sa-2024-0027.html

Restart Required: Yes

Instructions:

1. Update GStreamer to version 1.24.10 or later. The wavparse element ships in the gst-plugins-good module, so that module must be updated as well as the core library.
2. For Linux distributions, use the package manager: 'sudo apt update && sudo apt upgrade gstreamer1.0' (Debian/Ubuntu) or 'sudo yum update gstreamer' (RHEL/CentOS).
3. Restart affected applications.
4. Recompile applications statically linked to GStreamer.

🔧 Temporary Workarounds

Disable WAV parsing

Platform: linux

Remove or disable the gstwavparse plugin to prevent processing of WAV files. This removes WAV support for every application on the host, and a package update will reinstall the file.

gst-inspect-1.0 wavparse    # prints the element details, including the plugin's Filename line
rm /usr/lib/gstreamer-1.0/libgstwavparse.so    # path varies by distribution; use the Filename shown above

Input validation

Platform: all

Implement strict file type validation and size limits for media uploads, and reject WAV files whose chunk headers are internally inconsistent before they reach the decoder.
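The following is an added example of that pre-filter, not GStreamer's own code and not a reproduction of the specific defect: it walks a WAV file's RIFF chunk list and reports any chunk whose size runs past the end of the file, or a cue chunk whose declared point count cannot fit in its chunk size. The chunk layout follows the standard RIFF/WAVE format; wav_chunk_problems, build_wav and the sample cue bodies are hypothetical names and constructed test data.

```python
import struct

CUE_POINT_SIZE = 24  # each cue point is six little-endian uint32 fields


def wav_chunk_problems(data: bytes) -> list:
    """Walk the RIFF chunk list and return a list of problem strings.
    Empty list: every chunk header fits in the file and the cue chunk's
    point count fits its chunk size. Hypothetical upload pre-filter."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        return ["not a RIFF/WAVE file"]
    problems = []
    riff_size = struct.unpack_from("<I", data, 4)[0]
    if riff_size + 8 > len(data):
        problems.append(f"RIFF size {riff_size} exceeds file length {len(data)}")
    pos = 12
    while pos + 8 <= len(data):
        cid = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body_start, body_end = pos + 8, pos + 8 + size
        if body_end > len(data):
            problems.append(f"chunk {cid!r} size {size} runs past end of file")
            break
        if cid == b"cue ":
            if size < 4:
                problems.append("cue chunk too small to hold its point count")
            else:
                count = struct.unpack_from("<I", data, body_start)[0]
                needed = 4 + count * CUE_POINT_SIZE  # count field + points
                if needed > size:
                    problems.append(f"cue chunk declares {count} points needing "
                                    f"{needed} bytes but chunk size is {size}")
        pos = body_end + (size & 1)  # chunk bodies are padded to even length
    return problems


def _chunk(cid: bytes, body: bytes) -> bytes:
    return cid + struct.pack("<I", len(body)) + body + (b"\0" * (len(body) & 1))


def build_wav(cue_body: bytes) -> bytes:
    """Constructed minimal 8 kHz 8-bit mono WAV with a data chunk and a cue chunk."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 8000, 1, 8)
    chunks = _chunk(b"fmt ", fmt) + _chunk(b"data", b"\x80" * 16) + _chunk(b"cue ", cue_body)
    return b"RIFF" + struct.pack("<I", 4 + len(chunks)) + b"WAVE" + chunks


# Constructed samples: a consistent cue chunk, and one whose count overstates its size.
GOOD_CUE = struct.pack("<I", 1) + struct.pack("<II4sIII", 1, 0, b"data", 0, 0, 0)
BAD_CUE = struct.pack("<I", 100) + struct.pack("<II4sIII", 1, 0, b"data", 0, 0, 0)
```

A file that reports any problem is rejected at the upload boundary; a truncated file is caught by the chunk-size check as well as the RIFF-size check.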

🧯 If You Can't Patch

  • Implement network segmentation to isolate media processing systems
  • Use application sandboxing (seccomp, AppArmor, SELinux) to limit impact of crashes

🔍 How to Verify

Check if Vulnerable:

Check the GStreamer version with 'gst-inspect-1.0 --version' and compare it to 1.24.10. Versions below 1.24.10 are vulnerable.

Check Version:

gst-inspect-1.0 --version

Verify Fix Applied:

Confirm version is 1.24.10 or higher: 'gst-inspect-1.0 --version | grep "GStreamer"'

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory access violation errors
  • Unexpected process termination when processing media files

Network Indicators:

  • Unusual WAV file uploads to media processing endpoints
  • Multiple failed media processing requests

SIEM Query (the process name below matches the command-line tool; applications that embed GStreamer crash under their own process name, so add those names to the filter):

process.name:"gst-launch-1.0" AND (event.action:"segmentation_fault" OR event.outcome:"failure")
